From owner-freebsd-stable@FreeBSD.ORG Thu Dec 10 18:22:16 2009 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A38571065670 for ; Thu, 10 Dec 2009 18:22:16 +0000 (UTC) (envelope-from takeda@takeda.tk) Received: from chinatsu.takeda.tk (takeda-1-pt.tunnel.tserv15.lax1.ipv6.he.net [IPv6:2001:470:c:16b::2]) by mx1.freebsd.org (Postfix) with ESMTP id 7D85E8FC15 for ; Thu, 10 Dec 2009 18:22:16 +0000 (UTC) Received: from takeda-ws.lan (takeda-ws.lan [10.0.0.3]) (authenticated bits=0) by chinatsu.takeda.tk (8.14.3/8.14.3) with ESMTP id nBAIMFUB042978 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO); Thu, 10 Dec 2009 10:22:15 -0800 (PST) (envelope-from takeda@takeda.tk) Date: Thu, 10 Dec 2009 10:22:09 -0800 From: Derek Kulinski X-Mailer: The Bat! (v3.99.3) Professional X-Priority: 3 (Normal) Message-ID: <124905177.20091210102209@takeda.tk> To: Max Laier In-Reply-To: <200912101838.42013.max@love2party.net> References: <20091210034512.GA28864@chinatsu.takeda.tk> <200912101838.42013.max@love2party.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: freebsd-stable@freebsd.org Subject: Re: pf: unlocked lookup X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Dec 2009 18:22:16 -0000 Hello Max, Thursday, December 10, 2009, 9:38:41 AM, you wrote: > this is a generic informational message that was put into the code to figure > out if the hack that is "debug.pfugidhack" is actually required. You can get > rid of the message by setting the debug level of pf to something below "misc" > (e.g. pfctl -x urgent). Well, the hack actually is required, my system crashes when I disable it. > The pfugidhack is automatically enabled when you use rules with user or group > filters. These rules are a layering violation and the hack is required to > make them work. I'd rather get rid of them altogether, but since it is a much > demanded functionality we introduced the workaround instead. > Just lower the debugging level (s.a.), ignore the messages, or rebuild your > kernel/pf module with the respective DPRINTF lines (sys/contrib/pf/net/pf.c) > commented out. I might just move them to the loud level in the main tree, > though. So if I understand correctly, chances of fixing the workaround are really small? At least now I know how to disable those messages, thanks. -- Best regards, Derek mailto:takeda@takeda.tk Come to think of it, there are already a million monkeys on a million typewriters, and Usenet is *nothing* like Shakespeare. -- Blair Houghton